It's well-documented that threat actors will often take advantage of society's fears in order to pursue cybercrime, but new research from VMware Carbon Black suggests that the reality might be even worse than initially thought.
"Notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle, suggesting attackers are being nefariously opportunistic and leverage breaking news to take advantage of vulnerable populations," the report reads.
VMware Carbon Black analytics showed surges in threat activity on specific days during the pandemic, including January 30, which saw a 48% increase in ransomware attacks over baseline levels as the U.S. announced its first case of coronavirus. February 29 saw a major spike when multiple states declared public health emergencies, as did March 1 when the first COVID-19 death was declared in the United States.
"It really highlights the predatory nature of the dark web, and the ransomware spikes that we've seen, over 148% increase shows that in this time of global recession, there is a surging and burgeoning economy of scale that is the dark web," Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, told SearchSecurity.
The report also establishes that of verticals targeted by cybercrime, threat actors have heavily shifted their efforts toward financial institutions.
"In March, financial-related attacks accounted for 52% of all attacks seen across the VMware Carbon Black dataset, an unprecedented anomaly in our data tracking," the report reads. "Healthcare, normally a top-three vertical for targeting, finished March as the seventh most frequently targeted industry, according to our findings."
The dip in attacks on healthcare targets coincides with several ransomware groups declaring last month that they would refrain from attacking any medical facilities or hospitals during the pandemic. But the massive increase in attacks on financial institutions indicates cybercriminals are more than making up for the drop-off in healthcare-related attacks.
"There's such an influx of money going into the financial sector from the government as well as being doled out from the financial sector to individuals that it's an opportunity to manifest this cybercrime," Kellermann said.
The report points out that of the attacks targeting the financial sector in March, which made up 52% of all attacks, 70.9% came from the Kryptik trojan, an old trojan that was used in 2015 to target the Ukrainian power grid.
"It's blatantly obvious that the Russian hacking community is taking full advantage of the situation and going full-bore at the financial sector," Kellermann said.